Startup servlet problem with autentication

[goxy200]

Hi,
I wrote startup servlet that do some things when jboss server start, but I have problem because I have to use some of the methods for which acegi check permissions. I have in log this mesage "A valid SecureContext was not provided in the RequestContext". As those methods in this case are called by system not by user how can I bypass that security checking.
One one mine idea was to make a new user like "System" and to log with it but I don't know how from code to tell acegi that mine startup servlet is that user.
Finaly I made a methods with same functioanality as methods defined in applicationContext for method invocation autorization but with other name.
<bean id="managerSecurity"
class="net.sf.acegisecurity.intercept.method.aopal liance.MethodSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="accessDecisionManager">
<ref local="businessAccessDecisionManager" />
</property>
<property name="afterInvocationManager">
<ref local="afterInvocationManager" />
</property>
<property name="objectDefinitionSource">
<value>
<!-- ContentManagerAp -->
com.mypacket.update=ACL_WRITE
<value>

[Andreas Senft]

Have a look at Acegi's RunAsManager. I haven't used it myself, so I cannot give you an example, but have a look at the reference for further information.

Regards,
Andreas

[goxy200]

I have looked that but that is interface that I don't know how to implement.

Regards
Goran

[Andreas Senft]

You don't have to. Have a look at org.acegisecurity.runas.RunAsManagerImpl. There is also a brief description on usage in the API documentation.

And here a link to the according section in the reference manual.

Regards,
Andreas

[Ben Alex]

You just need to set SecurityContextHolder up appropriately whenever your code starts to run. If everything is coordinated from a particular bean, you could just do it within the bean itself, a bit like our anonymous authentication services work.